October 21, 2022

Episode 181

14 minutes

Overview

It’s the release of Ubuntu 22.10 Kinetic Kudu, and we give you all the details

on what’s new and improved, with a particular focus on the security features,

plus we cover a high priority vulnerability in libksba as well.

This week in Ubuntu Security Updates

39 unique CVEs addressed

[USN-5672-1] GMP vulnerability

1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-43618

[USN-5673-1] unzip vulnerabilities

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)

CVE-2022-0530

CVE-2022-0529

CVE-2021-4217

[USN-5674-1] XML Security Library vulnerability

1 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2017-1000061

[USN-5675-1] Heimdal vulnerabilities

4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2022-3116

CVE-2021-3671

CVE-2019-12098

CVE-2018-16860

[USN-5677-1] Linux kernel vulnerabilities

11 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2022-36879

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-3176

CVE-2022-26373

CVE-2022-26365

CVE-2022-2318

CVE-2022-20369

CVE-2021-4159

[USN-5678-1] Linux kernel vulnerabilities

9 CVEs addressed in Bionic (18.04 LTS)

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-26365

CVE-2022-2318

CVE-2022-32296

CVE-2022-1012

CVE-2022-0812

[USN-5679-1] Linux kernel (HWE) vulnerabilities

9 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-26365

CVE-2022-2318

CVE-2022-32296

CVE-2022-1012

CVE-2022-0812

[USN-5676-1] PostgreSQL vulnerability

1 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2022-1552

[USN-5680-1] gThumb vulnerabilities

2 CVEs addressed in Focal (20.04 LTS)

CVE-2020-36427

CVE-2019-20326

[USN-5682-1] Linux kernel (AWS) vulnerabilities

11 CVEs addressed in Bionic (18.04 LTS)

CVE-2022-36879

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-3176

CVE-2022-26373

CVE-2022-26365

CVE-2022-2318

CVE-2022-20369

CVE-2021-4159

[USN-5683-1] Linux kernel (IBM) vulnerabilities

16 CVEs addressed in Jammy (22.04 LTS)

CVE-2022-39189

CVE-2022-36946

CVE-2022-36879

CVE-2022-34495

CVE-2022-34494

CVE-2022-33744

CVE-2022-33743

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-3176

CVE-2022-26373

CVE-2022-26365

CVE-2022-2318

CVE-2022-1882

CVE-2021-33655

[USN-5684-1] Linux kernel (Azure) vulnerabilities

9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-26365

CVE-2022-2318

CVE-2022-32296

CVE-2022-1012

CVE-2022-0812

[USN-5570-2] zlib vulnerability

1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)

CVE-2022-37434

[USN-5685-1] FRR vulnerabilities

2 CVEs addressed in Jammy (22.04 LTS)

CVE-2022-37035

CVE-2022-37032

[USN-5686-1] Git vulnerabilities

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)

CVE-2022-39260

CVE-2022-39253

[USN-5687-1] Linux kernel (Azure) vulnerabilities

9 CVEs addressed in Bionic (18.04 LTS)

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-26365

CVE-2022-2318

CVE-2022-32296

CVE-2022-1012

CVE-2022-0812

[USN-5688-1] Libksba vulnerability [01:24]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)

CVE-2022-3515

libksba library used to parse and build ASN.1 objects contained within S/MIME,

X.509 certificates etc

ASN.1 supports various encoding formats - BER, DER (basic and distinguised

encoding rules respectively)

Both use a tag-length-value scheme to encode objects

When copying these objects around, would copy both a header as well as the

object itself - if an object was really large, the sum of the header size plus

the object would overflow - allowing a size check to be bypassed (since when

overflowing wraps around to be a small sized integer)

Integer overflow leading to a buffer overflow

Considered a severe bug by upstream

in Ubuntu is used by gpgsm (used to handled SMIME signed data) and dirmngr -

responsible for parsing and loading CRLS and verifying certs used by TLS

Goings on in Ubuntu Security Community

Ubuntu 22.10 Kinetic Kudu release [04:02]

https://ubuntu.com/blog/canonical-releases-ubuntu-22-10-kinetic-kudu

kernel 5.19

security wise

Faster RNG (entropy extraction switched from SHA1 to BLAKE2)

Support for Intel Trust Domain Extensions (TDX)

successor to SGX, builds on lessons learned

virtualisation based confidential computing environment

equivalent to an SGX enclave

uses a new processor mode called SEAM

allows to deploy legacy applications without having to adapt them a

different programming model as was done for SGX

AppArmor support for posix-mq and unprivileged user namespace mediation

idea is that only applications which are running under an AppArmor profile

with permission to user userns will be able to - unconfined will not -

this kernel configuration is disabled by default but can be enabled via a

sysctl:

then unconfined applications will not be able to use them

helps limit an attack surface for exploits - 4 out of 5 pwn2own exploits

against Ubuntu this year used unprivileged userns as part of their attack

chain

sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=1

Desktop

pipewire is now default instead of pulseaudio - improved bluetooth handling

GNOME 43 - gedit replaced by gnome-text-editor, gnome-terminal still there

but likely will be new gnome-console in 23.04

LibreOffice 7.4

FF 106/ TB 102

Updated bluez, CUPS, network-manager, Mesa 22 etc

Server

socket-activated SSH daemon to reduce memory footprint inside containers etc

improved support for integration with Windows Server w/ LDAP channel binding and LDAP signing in cyrus-sasl2

bind9 support for remote TLS verification in both named and dig to allow to implement strict and mutual TLS authentication

updated containerd, runc, docker.io

updated qemu - improved emulation of RISC-V, s390x

updated libvirt - ppc64 Power10 processor support

For developers:

debuginfod

updated gcc, Go, Ruby and Rust toolchains

Canonical Product Roadmap + Engineering Sprints + Ubuntu Summit [12:32]

No podcast for the next 3 weeks

Thanks and farewell to Shaun Murphy [13:45]

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

October 21, 2022

Episode 181

14 minutes

Overview

It’s the release of Ubuntu 22.10 Kinetic Kudu, and we give you all the details

on what’s new and improved, with a particular focus on the security features,

plus we cover a high priority vulnerability in libksba as well.

This week in Ubuntu Security Updates

39 unique CVEs addressed

[USN-5672-1] GMP vulnerability

1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2021-43618

[USN-5673-1] unzip vulnerabilities

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)

CVE-2022-0530

CVE-2022-0529

CVE-2021-4217

[USN-5674-1] XML Security Library vulnerability

1 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2017-1000061

[USN-5675-1] Heimdal vulnerabilities

4 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2022-3116

CVE-2021-3671

CVE-2019-12098

CVE-2018-16860

[USN-5677-1] Linux kernel vulnerabilities

11 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2022-36879

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-3176

CVE-2022-26373

CVE-2022-26365

CVE-2022-2318

CVE-2022-20369

CVE-2021-4159

[USN-5678-1] Linux kernel vulnerabilities

9 CVEs addressed in Bionic (18.04 LTS)

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-26365

CVE-2022-2318

CVE-2022-32296

CVE-2022-1012

CVE-2022-0812

[USN-5679-1] Linux kernel (HWE) vulnerabilities

9 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-26365

CVE-2022-2318

CVE-2022-32296

CVE-2022-1012

CVE-2022-0812

[USN-5676-1] PostgreSQL vulnerability

1 CVEs addressed in Xenial ESM (16.04 ESM)

CVE-2022-1552

[USN-5680-1] gThumb vulnerabilities

2 CVEs addressed in Focal (20.04 LTS)

CVE-2020-36427

CVE-2019-20326

[USN-5682-1] Linux kernel (AWS) vulnerabilities

11 CVEs addressed in Bionic (18.04 LTS)

CVE-2022-36879

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-3176

CVE-2022-26373

CVE-2022-26365

CVE-2022-2318

CVE-2022-20369

CVE-2021-4159

[USN-5683-1] Linux kernel (IBM) vulnerabilities

16 CVEs addressed in Jammy (22.04 LTS)

CVE-2022-39189

CVE-2022-36946

CVE-2022-36879

CVE-2022-34495

CVE-2022-34494

CVE-2022-33744

CVE-2022-33743

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-3176

CVE-2022-26373

CVE-2022-26365

CVE-2022-2318

CVE-2022-1882

CVE-2021-33655

[USN-5684-1] Linux kernel (Azure) vulnerabilities

9 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-26365

CVE-2022-2318

CVE-2022-32296

CVE-2022-1012

CVE-2022-0812

[USN-5570-2] zlib vulnerability

1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS)

CVE-2022-37434

[USN-5685-1] FRR vulnerabilities

2 CVEs addressed in Jammy (22.04 LTS)

CVE-2022-37035

CVE-2022-37032

[USN-5686-1] Git vulnerabilities

2 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)

CVE-2022-39260

CVE-2022-39253

[USN-5687-1] Linux kernel (Azure) vulnerabilities

9 CVEs addressed in Bionic (18.04 LTS)

CVE-2022-33744

CVE-2022-33742

CVE-2022-33741

CVE-2022-33740

CVE-2022-26365

CVE-2022-2318

CVE-2022-32296

CVE-2022-1012

CVE-2022-0812

[USN-5688-1] Libksba vulnerability [01:24]

1 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)

CVE-2022-3515

libksba library used to parse and build ASN.1 objects contained within S/MIME,

X.509 certificates etc

ASN.1 supports various encoding formats - BER, DER (basic and distinguised

encoding rules respectively)

Both use a tag-length-value scheme to encode objects

When copying these objects around, would copy both a header as well as the

object itself - if an object was really large, the sum of the header size plus

the object would overflow - allowing a size check to be bypassed (since when

overflowing wraps around to be a small sized integer)

Integer overflow leading to a buffer overflow

Considered a severe bug by upstream

in Ubuntu is used by gpgsm (used to handled SMIME signed data) and dirmngr -

responsible for parsing and loading CRLS and verifying certs used by TLS

Goings on in Ubuntu Security Community

Ubuntu 22.10 Kinetic Kudu release [04:02]

https://ubuntu.com/blog/canonical-releases-ubuntu-22-10-kinetic-kudu

kernel 5.19

security wise

Faster RNG (entropy extraction switched from SHA1 to BLAKE2)

Support for Intel Trust Domain Extensions (TDX)

successor to SGX, builds on lessons learned

virtualisation based confidential computing environment

equivalent to an SGX enclave

uses a new processor mode called SEAM

allows to deploy legacy applications without having to adapt them a

different programming model as was done for SGX

AppArmor support for posix-mq and unprivileged user namespace mediation

idea is that only applications which are running under an AppArmor profile

with permission to user userns will be able to - unconfined will not -

this kernel configuration is disabled by default but can be enabled via a

sysctl:

then unconfined applications will not be able to use them

helps limit an attack surface for exploits - 4 out of 5 pwn2own exploits

against Ubuntu this year used unprivileged userns as part of their attack

chain

sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=1

Desktop

pipewire is now default instead of pulseaudio - improved bluetooth handling

GNOME 43 - gedit replaced by gnome-text-editor, gnome-terminal still there

but likely will be new gnome-console in 23.04

LibreOffice 7.4

FF 106/ TB 102

Updated bluez, CUPS, network-manager, Mesa 22 etc

Server

socket-activated SSH daemon to reduce memory footprint inside containers etc

improved support for integration with Windows Server w/ LDAP channel binding and LDAP signing in cyrus-sasl2

bind9 support for remote TLS verification in both named and dig to allow to implement strict and mutual TLS authentication

updated containerd, runc, docker.io

updated qemu - improved emulation of RISC-V, s390x

updated libvirt - ppc64 Power10 processor support

For developers:

debuginfod

updated gcc, Go, Ruby and Rust toolchains

Canonical Product Roadmap + Engineering Sprints + Ubuntu Summit [12:32]

No podcast for the next 3 weeks

Thanks and farewell to Shaun Murphy [13:45]

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 181

Sign up to save your podcasts

Episode 181

Episode 181